--------------------------------------------------------------------------

1.   --------------------------------------------------------------------------
2.   Date: 11/8/2017 -- 16:34:24. Sorted by: average ticks.
3.   --------------------------------------------------------------------------
4.    Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
5.   -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
6.   1        1003279      1        1        8389002      29.32  1458     1458     103936      5753.77     5753.77     0.00      
7.   2        1003277      1        1        10663780     37.27  3282     146      15829       3249.17     9516.23     2957.40    
8.   3        1003278      1        1        9557300      33.41  3282     1456     10320       2912.04     6006.85     444.32    
9.  
10. user@user-Precision-T7610:~/malware/bugtest$ cat suri
11. suricata.log  suri.rules    
12. user@user-Precision-T7610:~/malware/bugtest$ cat suri.rules
13. alert udp $HOME_NET any -> any 53 (msg:"TEST old style DNS A Lookup sig"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"google"; nocase; distance:0; fast_pattern; classtype:bad-unknown; sid:1003277; rev:1;)
14.  
15. alert udp $HOME_NET any -> any 53 (msg:"TEST old style (updated syntax) DNS A Lookup sig"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"google"; nocase; distance:0; fast_pattern; classtype:bad-unknown; sid:1003278; rev:1;)
16.  
17. alert dns $HOME_NET any -> any any (msg:"TEST new style DNS A Lookup sig"; dns_query; content:"google"; classtype:bad-unknown; sid:1003279; rev:1;)